From 1f7a5fad17816eb896fa8afbe61897a7915f3d84 Mon Sep 17 00:00:00 2001
From: Oguz Han Asnaz <oguzhan.asnaz@novu.ch>
Date: Tue, 25 Nov 2025 17:21:35 +0100
Subject: [PATCH] Add warning that caching needs to be disabled when using
 authorization on the GraphQL API

---
 content/collections/docs/graphql.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/content/collections/docs/graphql.md b/content/collections/docs/graphql.md
index e0daab877..b5e309850 100644
--- a/content/collections/docs/graphql.md
+++ b/content/collections/docs/graphql.md
@@ -1521,6 +1521,10 @@ EntriesQuery::auth(function () {
 });
 ```
 
+:::warning
+Make sure to [disable caching](#disabling-caching) when using authorization. Otherwise the cached authorized response will be served even to unauthorized clients!
+:::
+
 ## Custom fields
 
 You can add fields to certain types by using the `addField` method on the facade.